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(57) ABSTRACT 

A method, arrangement, and apparatus for providing an 
authentication to an application provided through a commu- 
nications network. A connection is established between the 
application and a user interface through said communica- 
tions network so as to enable an access of a user to the 
application. An authentication is provided to said application 
by means of a mobile station communicating through a 
mobile communications network. 

20 Claims, 6 Drawing Sheets 
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METHOD, APPARATUS, AND 
ARRANGEMENT FOR AUTHENTICATING A 

USER TO AN APPLICATION IN A FIRST 
COMMUNICATIONS NETWORK BY MEANS 
OF A MOBILE STATION COMMUNICATING 
WITH THE APPLICATION THROUGH A 
SECOND COMMUNICATIONS NETWORK 

FIELD OF THE INVENTION 
The present invention relates to a method for providing an 
authentication to an application. The invention relates fur- 
ther to an arrangement for providing an authentication to an 
application and further to an apparatus to be used in the 
authentication. 

BACKGROUND OF THE INVENTION 

Various electronic applications exist which involve a need 
for an authentication. Authentication may be required, for 
example, when a user is accessing a specific application 
and/or when a user already uses an application and there 
arises a need to verify the user or to receive such an 
acknowledgment from the user which allows the application 
to make some further proceedings. 

Examples of applications which might require an authen- 
tication include various commercial services obtained 
through communications networks, such as Internet, Intranet 
or Local Area Networks (LAN)> payments and banking 
services accessed through communications networks, 
resource access, remote programming, reprogramming or 
updating of software etc. Even certain free of charge ser- 
vices obtained through communications networks may 
require an authentication. The amount of services or appli- 
cations which require at least some degree of authentication 
of the user who is trying to access them (or of the user who 
is already using them but where there is a need to check 
authorization during the use of the service or a need to 
acknowledge something during the use) has increased 
greatly during the past years. The need for the authentication 
is also expected to increase further in the future. 

At present there are already some well known solutions 
for communication authentication. These normally use vari- 
ous cryptographic techniques between two communicating 
computer devices. According to a basic scenario for the 
authentication, a random challenge is given to encryption 
functions of said two computer devices. Both of these 
computers have a secret, i.e., an encryption key, which is 
also given to the encryption function in both of the com- 
puters. Thereafter, the results of the calculations of the two 
encryption functions are compared, and if the result of the 
comparison is positive, the authentication is considered as 
being in force. If the comparison gives a negative result, then 
the authentication test is considered as having failed. 

There are also various already existing authentication 
arrangements. The following examples of the prior art 
arrangements are given with a brief description of some of 
the drawbacks thereof: 

Passwords. At present, the use of a password or several 
passwords is the most often used approach for the authen- 
tication. The password is given to the remote application 
through an user interface, e.g., through a computer terminal 
connected to a communications network. However, this 
solution does not take the vulnerability of the network into 
account, since the password is exposed to everyone who has 
access to the network (and who is skilled enough to read the 
passwords). 

A secret. This may be described as an electronic password 
or a signature or an encryption key which is stored and used 
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by for example the user interface. Even though the secret is 
not revealed to the network, it may end up in the "wrong 
hands" and could be used by some party other than those 
who are originally intended to be the users of the secret. 

5 Authentication software in the user interface. This is a 
more sophisticated approach to authentication. The pass- 
word is given to a program in the user interface, which then 
automatically authenticates cryptographically access to the 
requested application. Even though this provides a more 

io secure arrangement than the above solution, it still leaves a 
possibility for catching the passwords from the user inter- 
face. It is also possible to modify the software without notice 
to the actual user. 

Smart cards with associated readers. A smart card is 

15 capable of communicating encrypted challenge-response 
messages, but it does not contain a user interface for 
receiving an authorization from the user itself. Such an 
interface may exist in the smart card readers, but such 
readers must be well protected against any possibilities for 

20 misuse, and thus the ordinary users (i.e., the large majority 
of users, i.e., the public) cannot usually have physical access 
to these reader interfaces, but they have to trust to the 
organization providing the smart cards. In addition, the 
smart card readers cannot be shared between organizations 

25 which do not have trust to each others. 

Smart cards with a user interface. These do already exist, 
but they are expensive since each security processor must 
have a secure user interface of it's own. These are rare and 

3o the input/output capability thereof is still extremely limited, 
and thus they are not held to be an economically suitable 
solution for the authentication problem. 

A separate personal authentication device. In this 
approach the user is used as "a communication means" 

35 between the user interface and a separate authentication 
device. The user interface gives a challenge which the user 
then types in to a hand held authentication device (pocket- 
calculator like device). The authentication device may, e.g., 
give a number as a response, and the user then types this 

4Q number in to the user interface. In this the problems relate 
to the need of purchasing, using and carrying a separate 
device. In some instances there is also a possibility of 
incorrect typing of the usually long and complex character 
strings. 

45 The above already mentions some parties which may be 
involved when implementing the present authentication sys- 
tems. They are briefly explained in more detail in the 
following: 

The user is usually a human being who uses various 

50 applications or services. The user can be identified by means 
of a password (or secret) which is only known by him/her (a 
public key method), or by means of a secret which is shared 
between the user and the application (a secret key method). 
The application is the party that wants to ensure the 

55 authenticity of the user. The application can also in some 
occasions be called as a service. From the application's point 
of view the authenticity question can be divided in four 
different categories (questions): 1) is the user at the moment 
in the other end? (so called peer-entity-authentication), 2) 

60 are the further messages received from the same user? 
(integrity of the message stream), 3) does a specific message 
originate from a certain user? (data origin authentication), 
and 4) is the message such that even a third party may 
believe it to originate from a certain user? (non-repudiation). 

65 The user interface is the device or arrangement which 
enables the user to access the application or service. In most 
instances it can also be referred to as a terminal, and may 
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consist of devices such as computers (e.g., Personal 
Computer, PC), workstations, telephone terminals, mobile 
stations such as mobile telephones or radios or pagers, 
automatic money teller and/or banking machines, etc. The 
user interface provides input/output facilities and it may 5 
possibly even provide a part of the application. 

The Personal Authentication Device (PAD) is a piece of 
hardware that the user carries with him. The PAD may have 
some basic input/output functionality and even some pro- 
cessing facilities. The above referred smart cards and sepa- 10 
rate authentication devices may also be considered as PADs. 
In most cases the user can rely on his PAD, since the user has 
it (almost) always with him and thus under continuous 
control. All the possible passwords or secrets are hidden in 
the hardware thereof such that there is no easy manner to 15 
reveal them. The device itself is not easy to modify such that 
the communication path between the user and the security 
processor could be endangered. In addition, the PADs usu- 
ally have a minimum amount of stored state and the pro- 
grams thereof are not easily modifiable. 20 

SUMMARY OF THE INVENTION 

Even though the above described prior art solutions for 
authentication already exist, there are still some shortages, in 
addition to those already referred to above, in the area of 25 
authentication. 

In case the access to the application is made absolutely 
secure, or as secure as possible, the application easily 
becomes extremely complex from the architecture thereof, 3Q 
and becomes also complicated and more time consuming to 
access and use. The increased security level increases the 
amount of the required hardware and software, which leads 
to an increased need for maintenance and updating thereof, 
and thus the total costs of the authentication may become 35 
high. The complexity and costs could be decreased by 
lowering the level of security, but this is expected to lead to 
an insufficient security level in the communications. In 
addition, it is believed that an "absolutely secure" condition 
does not even exist in the communications networks, as the 4Q 
technical development makes it possible for hackers to solve 
even the most complicated security arrangements. 

A human problem lies on the fact that the passwords or 
secrets may become quite complicated and/or too long, or 
that there may be too many of them. Thus the users may find 45 
it hard to remember them. Typically a secret which is 
considered as secure in the secret key method is 128 bits and 
in the public key method it is 1024 bits. For most people it 
is impossible to remember this kind of key. 

In addition, users are not able to perform the calculations 50 
required in the authentication without external devices. As 
was explained above, the basic authentication is often made 
by challenge and response method. This would require the 
user (i.e., a human) to encrypt something with his secret. 
This is not held to be possible in practice. 55 

In addition to the possibility of catching the password or 
secret during it's transmission over an open communications 
network as was discussed above, today's solutions do not 
pay sufficient attention to the vulnerability of the user 
interfaces either. The terminal devices have developed to be 60 
full of complex technology and software such that most of 
the users are no longer capable of fully controlling the 
terminals, or understanding the operation thereof. In 
addition, it often occurs that many users share the same 
terminal device (e.g., is a commonly used PC) and/or that 65 
external maintenance personnel has access to the computers 
of a per se closed organization. 
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The computer terminals contain stored state and programs 
in the memory means thereof, which can be modified. In 
modern computers it is possible to modify the software 
thereof even such that the user does not notice this, and even 
through the communication paths without any physical 
access to the device itself. To give an example of the risks, 
it is possible to modify a program in a computer terminal 
such that it modifies the data the user sends for example to 
a bank such that the computer modifies all bank transfers on 
a certain day to another account than what was designated by 
the user. This modifying or reprogramming without notice 
may cause serious and huge damages when used against 
ordinary individual users, and especially when used against 
organizations such as companies or public administration. 
This all means that the ordinary terminal devices and 
communication paths cannot be trusted. 

Therefore it is an object of the present invention to 
overcome the disadvantages of the prior art solutions and to 
provide a new type of solution for authentication. 

An object is also to provide a method and an arrangement 
by means of which a user who wishes to access an appli- 
cation can be authenticated in a more secure manner than has 
been possible in the prior art. An object is also to provide an 
authentication when a need for the authentication arises 
during the use of an already accessed application. 

An object of the present invention is also to provide a 
method and arrangement by means of which a mobile station 
can be utilized in the authentication. 

An additional object of the present invention is to provide 
a solution in which an identification module of a mobile 
station can be utilized in the authentication. 

Other objects and advantages of the present invention will 
be brought out in the following part of the specification 
taken in conjunction with the accompanying drawings. 

The objects are obtained by a new method for providing 
an authentication to an application provided through a 
communications network. According to the present inven- 
tion a connection between the application and a user inter- 
face through said communications network is established so 
as to enable an access of a user to the application provided 
through the communications network, while an authentica- 
tion to said application is provided by means of a mobile 
station communicating through a mobile communications 
network. 

According to one further embodiment the authentication 
method comprises a step of establishing a connection 
between an application and a user interface through a 
communications network so as to enable an access of a user 
to the application provided through the communications 
network. The authentication to said application is provided 
by means of a mobile station such that a secret of a 
Subscription Identification Module (SIM) of the mobile 
station is utilized in encryption operations of the authenti- 
cation. 

The invention provides further an arrangement for pro- 
viding an authentication to an application provided by an 
application provider through a communications network. 
The arrangement comprises a user interface and a connec- 
tion between the application and the user interface through 
said communications network so as to enable use of the 
application. The arrangement further comprises means for 
authenticating the use of the application, wherein said means 
for authenticating comprise a mobile station communicating 
through a mobile communications network and a link 
between the application implemented by the communica- 
tions network and the mobile communications network. 
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According to an alternative embodiment the invention DETAILED DESCRIPTION OF THE DRAWINGS 
provides a mobile station for providing an authentication to piG j fa a schematic representation of one network 
an application provided through a commumcations network ement which can be ^ed when implementing the 
In this embodiment the application is accessed by means of , invention m arraagemen , 0 f FIG. 1 comprises a 
a user interface connected to the communications network, 5 Switched Tele p hon e Network (PSTN) which is sche- 
while said mobile station is using a different communica- maticall shown as a box des i g nated by 20. The exempti- 
ons network for the commumcations than the user inter- psTN ^ a fixed Une tel hone network (or plain 01d 
face. Said mobile station u ; used for authenticatmg the use Tele hone Service> P0TS)> which forms a communications 
of said application accessed by the user interface. nelwork (hrough which a ^ u ^ 6nab , ed (Q 

Several advantages are obtained by means of the present 10 acc(JSS an application According to this embodiment a user 

invention, since the solution introduces a new reliable man- ( not snown ) may use the user terminal 16 connected to the 

ner for authentication. The inventive authentication method psxN as a user interface to access the desired service in one 

and arrangement is easy to implement in already existing 0 f me WWW servers 45 obtainable through an Internet 

communications networks without any excessive alterna- connection. The disclosed terminal 16 is a personal com- 

tions or additional devices. The arrangement can be used in " puter (p C ^ bm otner tvpes of user interfaces, such as 

connection with various different applications, in practice in workstations, automatic public teller machines etc. may also 

connection with any such application provided through a be 

communications system which needs some kind of authen- APuWic Land Mobik Ne twork(PLMN) is also disclosed, 

tication. This ma y j or example, a cellular telephone network or 

The user is freed from carrying a separate authentication ^ similar mobile communications system. Two mobile stations 

device (PAD) or many different authentication devices. The MS y and M S+PC 2 are also disclosed. The MS+PC 2 may 

user can also trust to the personal authentication device be defined ^ ^ mtegrated mobile phone and a portable 

(PAD) according to the present invention, as the mobile computer. Both of these are capable of communicating 

station is usually always with him, and the users tend to take through an air interface 3 with the PLMN through one of 

good care of their mobile stations. In addition, for instance 25 several base stations (BS) 4 of the PLMN. 

in case of theft of a mobile station, the mobile subscription Qne of pLMN ^ fl GSM netwQrk (QSM 

and/or the SIM thereof can be easily canceled by the GkJM s for Mobfle Comtnunications)> which k well 

operator. All secrets of a mobile station are well hidden in ^ jn lf]e GSM recommendations by ETS1 (European 

the hardware thereof such that it n not easy to reveal them. Te i ec0 mmunications Standard Institute), the network archi- 

In addition, the mobile station dev.ce itself ,s not easily tecturethereofbeingdescrfhedindetaiiinrecommendations 

modifiable in such a way that the communication path GSM Q1 Q2 Qr GSM Q3 m QJ me fevised versions 

between the user and the security processors could be j, ig tQ be nQted ^ while me invefflion ^ mamly 

en angere . in the context of an exemplifying cellular telephone network 

The system includes a minimum amount of stored state ^ using GSM terminology, those skilled in the art will appre- 

and the programs are not easily modifiable. The existing ciate that the present inven tion can be implemented in any 

SIM of a mobile station, and more precisely the secret mobile system> Furthermore, it is to be noted that for clarity 

thereof, can be utilized for the required encryption proce- rea sons only those parts of a mobile network structure are 

dures. Thus the SIM can be utilized as a security card for shown which are cons idered as necessary for the purposes of 

new purposes, and there is already an existing party who will 4o illustrating t he operation of the exemplifying system. The 

control the use of the SIM, i.e., the mobile network operator skilled person is well aware of the fact lhat me telephone 

who can immediately cancel a SIM if fraud is suspected. networks may normally comprise also other necessary appa- 

In the following the present invention and the other ratus than those illustrated, that some of the disclosed 

objects and advantages thereof will be described by elements of the PLMN or PSTN may be omitted or replaced 

examples with reference to the annexed drawings, in which 45 by some other type of elements, and that a great number of 

similar reference numerals throughout the various Figures mobile networks and ordinary fixed land line networks may 

refer to similar features. It should be understood that the cooperate and interchange with each other. The skilled man 

following description of the invention is not meant to restrict understands also that the connection to the Internet may also 

the invention to the specific forms presented in this connec- be a direct connection without any PSTN or similar network 

tion but rather the present invention is meant to cover all 5Q arrangement between the user terminal 16 and the Internet 

modifications, similarities and alternatives which are 43. These alternatives are, however, not shown and 

included in the spirit and scope of the appended claims, explained in more detail as they are known to skilled man in 

BRIEF DESCRIPTION OF THE DRAWINGS the art * 

n ^ + t , . o , The GSM based public land mobile network (PLMN) 

FIG. 1 shows a general view of one possible arrangement 55 usuaU indudes sevefal py mobfle switchin ^ 

of communications networks in which it is possible to {CTS (MSQ 1Q Each of these ^ ^ connect ed to a 

implement the present invention; plufality of base sUtioD subsystems 6 (oaly one MSC 

FIG. 2 is a schematic presentation of an embodiment for and 355 ^ shown for clarity ). The base station subsystem 6 

authenticating a user according to the present invention; usually compr is es a base station controller BSC and neces- 

FIG. 3 discloses schematically one possible mobile sta- 60 sary interface apparatus, and is connected to a plurality of 

tion and an embodiment of the present invention; base stations (BS)4, each of which supervises a certain 

FIGS. 4 and 5 disclose flow charts according to two geographical area, referred to as a cell (for the cells, see FIG. 

embodiments of the present invention; 7). 

FIG. 6 discloses an alternative embodiment for the The mobile services switching center 10 of FIG. 1 is 

authentication in accordance with the present invention; and 65 further connected or linked to the public switched telephone 

FIG. 7 is a schematic presentation which relates to a network (PSTN) 20 through an exchange 12 and lines 11. 

further embodiment of the present invention. The MSC 10 is also connected to a global communications 
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network, which in the example is the Internet (designated by The mobile station 1 (or 2) is used as a personal authen- 

numeral 43). The MSC may be connected to an integrated tication device (PAD) when the user accesses, or has already 

services digital network (ISDN) or any other type of appro- accessed, via the user interface 16 through the PSTN 20, a 

priate communications network. The necessary links service x provided by the WWW server 45. The mobile 

between different components of different telecommunica- 5 station 1 communicates with the service x through a separate 

tion network systems are per se well known in the art. communications path or channel than is used by the actual 

™ _„/ , . , . . , , , . user interface 16. The mobile station can be trusted because 

The PLMN network further includes a database, the so ±o usef usuaUy keeps [{ always with him The ergonomic 

called home location register (HLR) 9, which is connected and functional requirements for the mobile stations and for 

to the MSC. Those mobile terminals 1 and 2 which are the conventional PADs are essentially the same, and the MS 

subscribers of the mobile telecommunications network are io ^ & ^ interface that ^ suitable for lhe pad. A modern 

registered in the HLR 9. Each local mobile telephone MS hag even a security processor interface that is suitable 

switching center 10 further includes a local database called for authenlicalion purposes. 

a visitor location register (VLR) 8, into which is registered ^ m aUernatives tQ accomplish the aulhen . 

all such mobUe stations^ ticalioQ b means of the mobile stati and the e les 

area of one of the cells handled by that local mobile « ^ ^ nQw discussed ^ ^ followi {n mofe 

telephone services switching center MSC at any given detail 

moment. Reference is now made to FIGS. 2 and 4, of which FIG. 

The mobile stations are identified by a SIM (Subscriber 2 discloses schematically one arrangement for the authen- 
Identification Module) which is usually mounted within lication and mQ 4 a flow chart for ^ operation in accor . 
each of the mobile stations, or otherwise physically con- dance witfa Qne basic embodimentt user 22 sends a 
nected thereto. A SIM is a module which includes various fequest by meaQS of the user terminal 16 t0 access a desired 
user (subscription) related information and secrets. It may app ncation 45, such as a banking service, through a con- 
also include further information which relates to the encryp- nection established by means of a communications network 
tion of the radio communications. The SIM may be (afrow 21 m pjQ 2 ; steps 102 and 104 in FIG. 4). The 
assembled fixedly or removably to the mobile station. The application 45 may com p rise a database 46, or is connected 
utilization of the SIM as well as the HLR and/or VLR lQ a databa se, such as the HLR 9 of the MSC 10 of 
registers in this invention will be discussed in more detail F[G j from whkh the application is enabled t0 retrieve the 
later in this specification. necessary user information. On the basis of this information 

As discussed, the user may be connected to the Internet 43 3Q tne application establishes a connection to the mobile station 

via a fixed or a mobile network or via a direct connection. \ 0 f t hc user 22 (arrow 26; step 106) for authentication 

However, there may be some differences between the con- purposes. At this stage the user may accept the connection 

nections when for example GPRS (General Packet Radio 21 made by the user interface 16 by sending back a confir- 

System) is concerned, but the service from the Internet mation signal 29 (i.e., an acknowledgment) using the mobile 

network is available for the users of both PSTN and PLMN 35 station 1 indicating that access is allowed and that the actual 

systems. In the example, the Mobile Switching Center use of the service may begin (steps 108 and 112). In case the 

(MSC) 10 as well as the PSTN 20 are provided with an authentication fails, e.g., on the basis that the application 

access to the multiprotocol Internet 43 by access nodes (AN) cannot reach the MS 1, all connections are closed (step 110). 

14 and 40. Even though only one AN per communications Alternatively the user may be allowed to retry the access, 

network is disclosed, it is to be understood that in practice 4Q either immediately or after a certain time period, or the user 

the number of ANs may be essentially greater, and that the mav b e instructed by the user interface 16 to take some 

number of ANs is also increasing continuously. According to additional measures due to the failed authentication, 

one solution a special Internet Access Server IAS capable of 0ne way to i mp i ement the authentication, or the acknowl- 

converting the signal into data packets is used as an AN edgment feature, is to use short messages of a short message 

towards the Internet. 45 syste m (SMS) of the PLMN. In the GSM system, a SMS 

The users of the Internet 43 have made a contract with a MSC (SMS Message Service Center) designated by 7 in 

Internet Service Provider (ISP) 42, who provides the com- FIG. 1 is provided for the delivery of short messages to and 

munications connection to the Internet from the user termi- from the mobile stations. The service center 7 sends the 

nals 1, 2, or 16. When the user desires to have an Internet messages to the mobile subscribers using the same network 

connection, he calls to the Internet Service Provider (ISP) 42 50 elements as were discussed above and defined by the 

so as to connect his terminal 16 to the desired address (so referred specifications. The SMS message signaling usually 

called Internet Protocol address). The call connection is contains, e.g., thc receiver identification, sender 

established by the PSTN 20 and passes through at least the information, time stamp etc. 

local exchanges 18, and perhaps one or several transit FIG. 3 discloses a solution in which the mobile station MS 

exchanges which are connected or interconnected through 55 1 has received a SMS message. The method steps for this are 

trunk lines (not shown). It is to be understood that even shown by the flow chart of FIG. 5. According to this 

though FIG. 1 discloses only one ISP through which both embodiment the user has requested, after having accessed 

networks communicate towards the Internet, communica- lne banking service through the user interface 16, that a sum 

tion could be arranged through different ISPs. 0 f 200 FIM should be transferred from account No. 1234- 

FIG. 1 discloses further a WWW server 45 (World Wide 60 4567 to an account No, 4321-7654 (step 204). The applica- 

Web server) which includes server databases x, y and z tion retrieves the user related authentication data from an 

providing different services. It discloses also a connection appropriate database (step 206), and sends accordingly a text 

from the ISP through the router 44 to said server 45 via the message to the mobile station 1 (step 208). The MS 1 

Internet 43. It is to be understood that the service can be any displays the text as shown, and asks the user to confirm or 

service obtainable through any communications network, 65 to deny the transaction by pressing "Yes" or "No" keys, 

such as a banking service, an electronic shopping service respectively (step 210). The response is then transmitted 

etc., in which authentication is required. back to the application, and in case of "Yes" the transaction 
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proceeds (step 214) and in case of "No" some other mea- permission for the MS PAD 35 to "sign" the message signal 

sures are taken. 26 from the application by using user's secret (e.g., when 

The arrows 27 and 28 of FIG. 2 can also be seen as using public key encryption and a non-repudiation is 

illustrating the stage in which the MS 1 and the user 2 required) or using a secret shared with the application, 

communicate: information received by looking at the dis- 5 Thereafter the application will proceed as requested by 

play 31 of the MS 1 is indicated by arrow 27, and the means of the user interface. According to one embodiment, 

response given by the user to the MS 1 is indicated by arrow the secret or secrets of the SIM 34 can also be used for the 

28. As explained, the user may choose a proper selection by encryption of the messages and/or signaling between the 

pressing either Y or N key 32 of the MS. In case the user application and the MS. 

accepts, i.e., "signs" the transaction, the banking service will i° FIG. 6 discloses an alternative embodiment for FIG. 2. In 

then proceed accordingly. In case the user will not confirm this embodiment the user interface 16 is in a form of an 

the transaction, i.e., presses the "No" key, the application ordinary telephone terminal connected to the PSTN 20 in a 

may send a request to the user interface to feed in a per se known manner. The PSTN is further connected to 

correction, a cancellation, a new destination account, etc. intelligent network services (IN) 60 which forms the appli- 

(steps 216, 218). 15 cation in this embodiment. The mobile station 1 includes a 

In case the application does not receive any response p AD controller 35 and a SIM 34 as described above in 

within a certain time period, or the response is somehow connection with FIG. 3. According to one embodiment MS 

incorrect, the application may either send a second request fAD P airs > which contain a predefined pair of a service 

for the confirmation, or close down all the connections. identifier for the given service and a personal secret, are 

The user may process several subsequent transactions and 20 stored withi f n the PAD controller. These pairs may be used, 

even some other banking services after having once c -6-» m the following manner. 

accessed the application. When the user finally replies at The user accesses a service in said IN by establishing a 

step 216 to the user interface 16 that he does not want to telephone call to the service (arrow 21). The application 

continue, the connections are closed (step 220). challenges the user with a number given as a voice message, 

According to one embodiment of the present invention the 25 or b y means of a P ossible display on said telephone terminal 

information contained in the IILR and even in the VLR of ( arrow 61 )- llie user ke y s in this challenge together with a 

the PLMN of FIG. 1 can be utilized when implementing the s P ecific number for the ^ icG to the MS b y the ke VP ad 33 

inventive authentication arrangement. This is enabled by the (arrow 28), whereafter the PAD controller accomplishes the 

fact that each of the mobile subscriptions includes, in the 30 necessary calculations according to predefined algorithm to 

HLR 9 of FIG. 1, information relating to the SIM receive a further DUm ber strings. In this calculation the 

(Subscriber Identification Module) already referred to, an secret stored to the SIM for that particular user may form a 

IMSI (International Mobile Subscriber Identity) and P art of the algorithm. This secret may be either an applica- 

MSISDN (Mobile Subscriber ISDN number) as well as to tion specific secret or a secret of the PLMN. The result of the 

the location information (VLR number), basic telecommu- 35 calculation is then fed in to the user interface 16 (arrow 62), 

nications services subscriber information, service and transmitted to the IN service in question through the 

restrictions, and supplementary services, etc. PSTN 20 * In case this matches to the expected value, the IN 

Therefore FIG. 3 can be seen to disclose also a SIM f ™*. 60 *U°ws the user to initiate the use thereof by the 

(Subscriber Identification Module) card 34 inserted within nxed lme termmal 16 - 

the MSI. The telephone company usually uses the SIM for 40 ^ above mentioned embodiment can be used, e.g., 

controlling payments and location of the user. Thus the SIM when P a y in g telephone calls or services obtained through 

card 34 has to be connected to the MS 1 before taking it into an y ordinary POTS line telephone. For instance, this enables 

use, and making telephone calls. The MS 1 of FIG. 3 an arrangement in which calls by any telephone terminal are 

includes further a MS PAD controller 35 (Mobile Station charged from the mobile telephone subscription (i.e., from 

Personal Authentication Device controller). From these the 45 lDe bolder of a particular SIM card). The mobile subscribers 

SIM 34 may be used in the invention as the means for may find this service useful, e.g., in instances where the calls 

identifying the user and/or including a secret or several made b y tne mobile telephone are more expensive than calls 

secrets, and the MS PAD controller 35 is used for controlling b y an ordinary POTS telephone, or when the MS 1 is not 

the authentication operations. In addition to the general within an area of any such mobile network into which the 

control of the authentication procedure, the controller 35 50 user 00X116 have a P ro P er racu 'o connection, 

may, e.g., be arranged to make all the calculations relating According to one additional embodiment (not shown) the 

the various encryption operations. The arrangement in mobile station 1 and the user interface 16 are capable of 

which the SIM 34, which is controlled by the MS PAD directly communicating with each other through suitable 

controller 35, can be utilized in the authentication procedure operational connection, such as a radio connection, an 

varies. Examples thereof are shortly explained in the fol- 55 infrared connection or a fixed conduit connection with 

lowing. necessary couplings. This reduces the risk for mistyping 

Instead of the above referred arrangement utilizing SMS errors whicn the user might do when acting as a "link" 

services, the transactions can also be acknowledged such between the MS 1 and the user interface 16. 

that the application, such as the banking service or another According to one alternative a mobile station is arranged 

commercial service paid by an electronic transaction, sends 60 to receive more than one SIM card 34. By means of this, one 

the details of the transaction to the MS PAD 35 as a data single mobile station could be used for different authenti- 

signal through the mobile network. The correctness of the cation purposes. For example, a user could have three 

signal can be ensured by means of a checksum calculated by different SI Ms: one for the authentications required by his 

the MS PAD 35 in accordance with a predefined algorithm work, one for the personal needs, and one for a still further 

and utilizing the secret of the SIM 34: the checksum has to 65 need, e.g., for a "chairman of an association". Each of the 

match with the sum displayed by the user terminal 16. If the SIMs may have a telephone number, alarm tone etc. of their 

user accepts the transaction, he acknowledges it and gives a own. 
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According to a further alternative the MS 1 communicates 
through a PLMN with the application, and the messages 
and/or signaling required in this communication is encrypted 
using the secret or secrets of the SIM. This enables a secure 
communications using only one communications network, 5 
i.e. the PLMN, as the secret of the SIM is unique, and it is 
not possible for third parties to obtain information contained 
in the signaling or to break into the signaling. 

A further embodiment of the present invention is now 
explained with reference to FIGS. 1 and 7. FIG. 7 discloses 10 
a schematic cell map of an arbitrary geographic area, which 
is divided into a plurality of contiguous radio coverage areas 
or cells. While the system of FIG. 7 is illustrated so as to 
include only ten cells (CI to CIO), the number of cells may 
in practice be larger. A base station is associated with and 15 
located within each of the cells, these base stations being 
designated as BS1 to BS10, respectively. The base stations 
are connected to the base station subsystems (BSS 6 of FIG. 
1). A cell may also cover one or several base stations. The 
cells are grouped into four groups A to D, wherein each 20 
group may include one or more cells, as is marked by 
corresponding markings. 

Each group is seen by the system as one unit, i.e., one 
area, such that four different cell categories A to D are 
provided. The purpose of this is to illustrate that the cells 25 
may be divided into different authentication categories, or 
classes. The idea behind this is that the authentication data 
within the authentication database may include restrictions 
which do not allow the user to access the application in case 
he is not situated within a certain predefined cell area. For 30 
example, if a company uses a MS of an employee for 
authentication, it is possible to limit the area such that the 
authentication possibility can be restricted to be allowed 
only in those cells (e.g., within the area A) which are near 
to the office of the company. 35 

The above can be easily implemented by means of the 
visitor location register VLR, designated by 8 in FIG. 1. The 
mobile station (MS) 1 or 2 roaming in the area of the MSC 
is controlled by the VLR 8 which is responsible for this area. 4Q 
When the MS 1 or 2 appears in the location area, the VLR 
initiates an updating procedure. The VLR 8 has also a 
database which includes, e.g., the IMSI, MSISDN, and 
location area in which the MS is registered according to, 
e.g., GSM 09.02 specification. So-called cell global identi- 45 
fication includes further a cell identity, and is included in the 
messages between the MS 1 and the MSC 10. This infor- 
mation may be used as an identification indicator to find the 
mobile station MS 1 location, which is then utilized in this 
embodiment. 50 

It is noted herein that the mobile station can be any kind 
of apparatus providing a possibility for mobile communica- 
tions for a user other than the mobile telephone 1 or the 
integrated unit of mobile telephone and a computer 2. The 
latter arrangement is sometimes also referred to as a "com- 55 
municator". One example of other suitable mobile station is 
a pager, i.e., the "beeper" capable of displaying a character 
string. What is important is that the mobile station is capable 
of receiving and/or transmitting desired information, which 
in some instances may even be in the form of text or voice 60 
messages only instead of a specific authentication signal or 
code. 

In addition, in the above examples the application 45 is 
arranged to provide linking between the two communica- 
tions networks such that they both can be used for the 65 
connection of the user to the application. However, this may 
well be accomplished by some other party. For instance, the 
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ISP or similar service provider or the telecommunications 
network operator may operate as an authenticating organi- 
zation and/or provide the linking between the two commu- 
nications networks, and provide a secure connection to the 
actual application. 

Thus, the invention provides an apparatus and a method 
by which a significant improvement can be achieved in the 
area of authentication. The arrangement according to the 
present invention is easy and economical to realize by per se 
known components and is reliable in use. It should be noted 
that the foregoing examples of the embodiments of the 
invention are not intended to restrict the scope of the 
invention defined in the appended claims. All additional 
embodiments, modifications and applications obvious to 
those skilled in the art are thus included within the spirit and 
scope of the invention as set forth by the claims appended 
hereto. 

What is claimed is: 

1. An arrangement for authenticating an application pro- 
vided by an application provider through a communications 
network, comprising: 

a user interface; 

a first connection between the application and the user 
interface through the communications network so as to 
enable use of the application; 

a database, accessible by the application, for storing user 
authentication information including information indi- 
cating one or more geographical cells associated with a 
cellular radio communications system from which the 
user may access the application; 

a mobile station; and 

an authentication controller for enabling an authentication 
procedure if the mobile station is situated in the one or 
more geographical cells associated with the cellular 
radio communications system, and if so, communicat- 
ing over a second connection established between the 
application and the mobile station corresponding to a 
cellular radio communications channel associated with 
one of the geographical cells at least some of the user 
authentication information to the mobile station. 

2. An arrangement according to claim 1, wherein the 
mobile station comprises a mobile station personal authen- 
tication device (MS PAD) arranged to control the authenti- 
cation procedure, and a subscription identification module 
(SIM including a secret and being operationally connected 
to the MS PAD, wherein the secret of the SIM is arranged 
to be utilized in the authentication procedure. 

3. An arrangement according to claim 1, wherein authen- 
tication signaling to and from the mobile station is in the 
form of text messages provided by a short message system 
(SMS) of the cellular radio communications system. 

4. An arrangement according to claim 1, wherein the 
application is a banking service, an electronic shopping 
service, or some other commercial service requiring an 
acknowledgment for an electronic transaction. 

5. An arrangement according to claim 1, wherein the 
mobile station comprises an infrared or radio transceiver 
capable of directly communicating with the user interface. 

6. An arrangement according to claim 1, wherein the 
mobile station is a cellular telephone communicating over a 
digital cellular radio communications system. 

7. A method for authenticating a user to an application, the 
method comprising: 

establishing a first communications channel between the 
application and a user interface through a communica- 
tions network so as to enable a user to access the 
application; 
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retrieving user authentication information from a database 
including information indicating one or more geo- 
graphical cells associated with a cellular radio commu- 
nications system from which the user may access the 
application; 

establishing a second connection between the application 
and a mobile station through a separate, cellular radio 
communications channel associated with one of the 
geographical cells; 

authenticating the user to the application by confirming 
that the mobile station is currently situated within one 
of the geographical cells associated with the cellular 
radio communications system included in the user 
authentication information; and 

communicating at least some of the user authentication 
information with the mobile station through the 
separate, cellular radio communications channel asso- 
ciated with the cellular radio communications system. 

8. A method according to claim 7, wherein the step of 
authenticating comprises using the mobile station such that 
a secret of a Subscription Identification Module (SIM) of the 
mobile station is utilized in encryption operations of the 
authentication. 

9. A method according to claim 7, wherein the step of 
authenticating comprises using the mobile station for 
acknowledging a transaction or proceeding which the user 
has previously requested from the application through the 
user interface. 

10. A method according to claim 7, further comprising 
utilizing a secret of a Subscription Identification Module 

(SIM) of the mobile station for encryption of signaling 
associated with the authenticating step. 

11. A method according to claim 7, wherein the step of 
authenticating comprises using the mobile station to verify 
the identity of the user as the user accesses the application 
by the user interface. 

12. A method according to claim 7, wherein at least part 
of the signaling between the application and the mobile 
station is in the form of short message system text messages. 

13. A method according to claim 7, wherein a Subscrip- 
tion Identification Module (SIM) of the mobile station is 
used for providing the identity of the user. 
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14. A method according to claim 13, further comprising: 
charging costs of the connection from the user interface to 

the application to a holder of the subscription identified 
by the SIM. 

15. A method according to claim 7, wherein the mobile 
station is a cellular telephone communicating with a digital 
cellular communications system. 

16. A mobile station comprising: 

means for establishing a first communication path 
between a user interface and an application to access a 
service provided by the application; 

means for providing the mobile station s current cell 
location with a cellular grid associated with a cellular 
radio communications system; 

means for establishing a separate, second communication 
path for authenticating use of the application over a 
cellular radio channel associated with the mobile sta- 
tion's current cell location; and 

means for authenticating the use of the application if the 
current cell location of the mobile station is in an 
authorized cell location with the cellular grid. 

17. A mobile station according to claim 16, further 
comprising means for providing the mobile station's current 
cell location, wherein the means for authenticating is 
arranged to determine whether the current cell location of 
the mobile station is consistent with an authorized cell 
location from which to access and use the application. 

18. A mobile station according to claim 16, wherein the 
mobile station is a digital mobile telephone and comprises a 
subscription identification module (SIM) including a secret, 
wherein the secret of the SIM is arranged to be utilized by 
the means for authenticating. 

19. A mobile station according to claim 18, further 
comprising at least one additional SIM. 

20. A mobile station according to claim 16, wherein the 
means for authenticating includes an integrated mobile 
station personal authentication device (MS PAD). 
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